Authcrunch Caddy-security

5 CVEs affecting Authcrunch Caddy-security. Latest disclosed: 2024-02-17. Critical: 0, High: 0.

Top CVEs affecting Authcrunch Caddy-security
CVESeverityScorePublishedSummary
CVE-2024-21496Medium6.12024-02-17All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanit…
CVE-2023-52430Medium6.12024-02-12The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /set…
CVE-2024-21498Medium5.32024-02-17All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. A…
CVE-2024-21500Medium4.82024-02-17All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor a…
CVE-2024-21492Medium4.82024-02-17All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon…